Birdwatch Note Rating
2024-08-19 03:22:45 UTC - HELPFUL
Rated by Participant: CC058D3B35D67752C20F2B2B409E9ADF32871E5A5F3731FE8159247A7F9E4AE6
Participant Details
Original Note:
This is not a vulnerability, it is just using the user's session ID to change their profile via the API. The session ID is only obtainable by the given user and expires after some time. There is no evidence that this ID can be hijacked to change someone else's account. https://en.wikipedia.org/wiki/Session_ID
All Note Details